Have you seen a lot of applications or web services telling you that they have recently reviewed their Terms of Service, and wondered what it is about? This article explains what GDPR is, who it applies to, and its implications for businesses and their end users.

What is GDPR?

The European Union (EU) General Data Protection Regulation (GDPR), (EU) 2016/679, is a law that focuses specifically on regulating the collection, usage, storage, processing and transfer of the personal data of European Union citizens. It replaces the EU Data Protection Directive (95/46/EC) of 1995.

Basically, GDPR tries to give Europeans back control of their data and also assert digital sovereignty.

Who does it apply to?

This regulation applies to all European Union member states and to any body or entity that deals with the transfer of personal data outside of the European Union. That is to say, if the nature of your company’s business involves collecting personal data from European Union citizens, GDPR applies to you.

What are the business implications of GDPR?

Truth is, this new data protection regulation puts the consumer in the pilot’s seat, and the onus of complying with this regulation falls upon the businesses and organizations.

There are grave penalties for companies and organizations that decide to be non-compliant with GDPR, with fines of 4% of annual global revenue or 20 million euros (whichever is greater) levied on the business or organization.

The majority view GDPR as just a tech problem, but this assumption is flawed: GDPR has broader, all-encompassing implications for the whole company, business or organization, including the way companies handle marketing and sales activities.

What is the impact of GDPR on customers?

The most evident and immediate impact is coming in the Terms of Service and other caveats/warnings for companies. The GDPR’s idea of consent requires a lot more than previous regulations did, which means companies will be asking permission to collect your data a lot more often, as opposed to obtaining it arbitrarily without consent. In concrete terms, that means a lot more “click to proceed” boxes, although the transparency requirements mean the text inside may be a little clearer than the tiny-worded lumps of text you’re used to.

Companies will also be introducing the opportunity to download all the data they have extracted from you. This service would be rolled out today worldwide by all companies.

That helps in two ways: it lets you check what companies are collecting, and it could help unwind platform dominance by letting you transfer data between networks.

The conditions for obtaining consent are now stricter and more rigid under GDPR, as the individual must also have the right to withdraw the consent given at any time.

All of this means that companies would have to prove that the individual agreed to a certain action, such as receiving a newsletter. Companies are not allowed to assume consent or add a disclaimer, and providing an opt-out option is not enough.

What are your thoughts on this? Is the involvement of GDPR a great and welcome initiative?